Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center Microsoft Patch Tuesday


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Tuesday 2007-02-13

MS70-05
Title Remote code execution in Step-by-Step Interactive training,
Replaces MS50-31
Affected Step-by-Step Interactive training
KB KB923723
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2006-3448 Unknown
MS70-06
Title Privilege elevation in Windows Shell,
Replaces MS60-45
Affected Explorer
KB KB928255
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2007-0211 Unknown
MS70-07
Title Privilege elevation in Windows Image Acquisition
Replaces
Affected Image Acquisition
KB KB927802
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2007-0210 Unknown
MS70-08
Title Remote code execution in HTML help Active-X
Replaces
Affected HTML Help
KB KB928843
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2007-0214 Unknown
MS70-09
Title Remote code execution in Microsoft MDAC ActiveX Workaround through a killbit, if you did not do that already: PATCH NOW
Replaces
Affected MDAC ActiveX
KB KB927779
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2006-5559 Unknown
MS70-10
Title Remote code execution in Microsoft Malware Protection Engine. This will automatically update.
Replaces
Affected Microsoft malware protection
KB KB932135
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2006-5270 Unknown
MS70-11
Title Remote code execution in Microsoft OLE dialog
Replaces
Affected OLE
KB KB926436
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2007-0026 Unknown
MS70-12
Title Remote code execution in Microsoft Foundation Class
Replaces
Affected Microsoft Foundation Class
KB KB924667
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2007-0025 Unknown
MS70-13
Title Remote code execution in RichEdit, also affects Mac OS X versions of office.
Replaces
Affected Office 1311
KB KB918118
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
MS70-14
Title Multiple vulnerabilities in word leading to remote code execution,
Replaces MS60-60
Affected Office
KB KB929434
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2007-0208 Unknown
2007-0209 Unknown
2007-0515 Unknown
2006-5994 Unknown
2006-6456 Unknown
2006-6561 Unknown
MS70-15
Title Multiple vulnerabilities in Office lead to remote code execution,
Replaces MS60-62
Affected Office
KB KB932554
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2007-0671 Unknown
2006-3877 Unknown
MS70-16
Title Multiple vulnerabilities in Internet Explorer leading to remote code execution,
Replaces MS60-72
Affected MSIE
KB KB928090
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2007-0217 Unknown
2007-0219 Unknown
2006-4697 Unknown
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.